As the `get_current_active_user` dependency has as a sub-dependency on `get_current_user`, the scope `"me"` declared at `get_current_active_user` will be included in the list of required scopes in the `security_scopes.scopes` passed to `get_current_user`.

The *path operation* itself also declares a scope, `"items"`, so this will also be in the list of `security_scopes.scopes` passed to `get_current_user`.

        String scope = "testScope";
        when(nameServiceClient.getNbtByName(host, type, scope)).thenThrow(new UnknownHostException("Host not found"));

        // Act & Assert
        assertThrows(UnknownHostException.class, () -> nameServiceClient.getNbtByName(host, type, scope));
        verify(nameServiceClient, times(1)).getNbtByName(host, type, scope);
    }

    @Test
    void testGetNbtByName_String() throws UnknownHostException {

      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.eclipse.sisu</groupId>
      <artifactId>org.eclipse.sisu.inject</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.eclipse.sisu</groupId>
      <artifactId>org.eclipse.sisu.plexus</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>

        byte[] dst = new byte[100];

        int length = name.writeWireFormat(dst, 0);

        // Scope should start at position 33 with a length byte (not '.')
        // The first byte after encoding would be the length of "scope"
        assertEquals(5, dst[33]); // Length of "scope"

        // Verify total length includes scope

      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.eclipse.sisu</groupId>
      <artifactId>org.eclipse.sisu.plexus</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.eclipse.sisu</groupId>
      <artifactId>org.eclipse.sisu.inject</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>

			<version>2.2</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.mockito</groupId>
			<artifactId>mockito-core</artifactId>
			<version>5.11.0</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.testcontainers</groupId>
			<artifactId>testcontainers</artifactId>
			<version>1.21.3</version>
			<scope>test</scope>
		</dependency>
		<dependency>

由於現在宣告了這些 scopes，當你登入／授權時，它們會出現在 API 文件中。

你可以選擇要授予哪些 scopes 存取權：`me` 與 `items`。

這與你使用 Facebook、Google、GitHub 等登入時所授與權限的機制相同：

<img src="/img/tutorial/security/image11.png">

## 內含 scopes 的 JWT token { #jwt-token-with-scopes }

現在，修改 token 的路徑操作以回傳所請求的 scopes。

我們仍然使用相同的 `OAuth2PasswordRequestForm`。它包含屬性 `scopes`，其為 `list` 的 `str`，列出請求中收到的每個 scope。

並且我們將這些 scopes 作為 JWT token 的一部分回傳。

/// danger

     * {@return all enabled sources that provide files in the given language for the given scope}.
     * If the given scope is {@code null}, then this method returns the enabled sources for all scopes.
     * If the given language is {@code null}, then this method returns the enabled sources for all languages.
     * An arbitrary number of source roots may exist for the same scope and language.
     * It may be, for example, the case of a multi-versions project.

			<version>12.0.32</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.eclipse.jetty.ee10</groupId>
			<artifactId>jetty-ee10-servlet</artifactId>
			<version>12.0.16</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-simple</artifactId>
			<version>${slf4j.version}</version>
			<scope>test</scope>
		</dependency>

    /**
     * Gets the cache scope (ALL or IMMEDIATE_CHILDREN)
     * @return the cache scope
     */
    public DirectoryCacheScope getScope() {
        return scope;
    }

    /**
     * Sets the cache scope for this directory cache
     * @param scope the cache scope to set
     */
    public void setScope(DirectoryCacheScope scope) {
        this.scope = scope;
    }

    /**